Question COMP-05
Does your product process protected health information (PHI) or any data covered by the Health Insurance Portability and Accountability Act?
| Weight | 40 |
| High Risk | Yes |
| Required | Yes |
| Compliant Answer | No |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
EDUCAUSE provides no guidance here
Answering "YES"
You should be completing the Full HECVAT, not the Lite.
Reason for Question
Responses to this question may indicate the presence of PHI data in the vended product.
Follow-Up Inquiries
Determine if the HECVAT Lite is appropriate for assessing products hosting and/or interacting with PHI. HECVAT Full may be more appropriate, depending on your risk tolerance and use case.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]